BIT-grafana-2020-27846

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/grafana/BIT-grafana-2020-27846.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-grafana-2020-27846

Aliases

CVE-2020-27846
GHSA-4hq8-gmxx-h6w9
GO-2021-0058

Published

2024-03-06T11:00:29.021Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1907670
https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://security.netapp.com/advisory/ntap-20210205-0002/

Affected packages

Bitnami / grafana

Package

Name: grafana
Purl: pkg:bitnami/grafana

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.7.5

Introduced

7.0.0

Fixed

7.2.3

Introduced

7.3.0

Fixed

7.3.6